Setting up a VPN server under WIN7: I am digging a hole for myself again...

Source: Internet
Author: User

Let me first explain why this article was written. Playing LAN games with classmates usually means using one of the various game battle platforms, such as haofang. However, anyone who has used this kind of thing knows that it is hard to grab a room and that the latency is high. So one of my classmates got some VPN software, but I think it is better to build our own VPN server than to use someone else's. After all, we are all on the China Telecom network, so there is no need to take a detour through someone else's server. WIN7 has its own built-in VPN function, so I tried it and ran into many problems, which is how this article came about.

 

Test Environment Introduction

Classmate's machine (client): WIN7 64-bit, China Telecom fiber, router with PPPoE dial-up, but behind a multi-layer router intranet.

My machine (server): WIN7 64-bit, China Telecom fiber, router with PPPoE dial-up, only one layer of router, with DMZ penetration and the related VPN security settings already completed.

Because the network environment on my side is relatively simple, my machine serves as the server.

 

Server Environment Configuration

In "Control Panel\Network and Internet\Network Connections", select "New Incoming Connection" from the File menu.

 

Select an account that can be used for remote logon, or click "Add User" to add a new user. Adding a user is the recommended practice, because the added user does not belong to any user group and is only used for logon.

 

There is nothing to say about the check box selection here.

 

You can configure the related protocols here, for example whether to use DHCP to allocate IP addresses automatically, to assign an IP address range manually, or to allow clients to specify their own IP addresses.

 

The connection has now been created, but we still need to change some settings. Otherwise, the connection will fail.

Right-click the connection and select Properties. On the "Users" tab of this dialog box, clear the check boxes marked by the red box; if they are checked, the connection will run into problems because of encryption. Security is not a consideration here. I just use it to play games.

 

Client Environment Configuration

In "Network and Sharing Center", select "Set up a new connection or network".

 

Select "Connect to a workplace".

 

Select "Internet connection".

 

Select "Do not connect now", because there are other settings to be modified later. Fill in the IP address of the server as the Internet address. Of course, if you have bound a domain name with Peanut Shell, you can fill in the domain name instead, so that you do not need to change the server IP address every time you connect. I don't have Peanut Shell here; I use the dynamic dial-up IP address.

 

Enter the username and password that were set for logon on the server and click "Create".

 

Do not connect immediately. I still need to modify the settings here. Click "Close".

 

Right-click the new VPN connection and choose "Properties".

 

Select "L2TP/IPSec" for "VPN type" and "No encryption allowed" for "Data encryption".

 

Click "Advanced Settings". In the dialog box that appears, clear the check box "Verify the server certificate's 'name' and 'usage' attributes"; otherwise, the connection will fail. The configuration is complete after you confirm.

 

Modify the Registry

If you do not modify the registry, the connection fails even after the above steps. I marked it with a red background. Don't blame me if it fails because you ignored it...

This is because Windows automatically creates an IPsec policy for L2TP VPN connections. This IPsec policy uses a certificate on the local machine for mutual authentication; if the local machine does not have a suitable certificate, the connection fails. So we need to cancel the IPsec policy that the L2TP VPN creates automatically.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters]
"ProhibitIPsec"=dword:00000001

Once the registry value above has been added on both the client and the server, the L2TP VPN no longer creates the IPsec policy automatically. Remember to restart the machine.
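
A read-only audit for the two weakened settings described above (the ProhibitIPsec registry value and a VPN entry set to "no encryption allowed"), added here as an example and not part of the original article. The rasphone.pbk phonebook locations, the reading of DataEncryption=0 as "no encryption allowed", and the entry names in the sample are assumptions.

```powershell
# Added audit example, not from the original article. Read-only; PowerShell 2.0 compatible.

function Get-ProhibitIpSecState {
    # A missing key or value is the Windows default: the L2TP IPsec policy is created.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
    $item  = Get-ItemProperty -Path $key -Name 'ProhibitIpSec' -ErrorAction SilentlyContinue
    $value = if ($item) { [int]$item.ProhibitIpSec } else { 0 }
    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        ProhibitIpSec  = $value
        L2tpIpsecIsOff = ($value -eq 1)
    }
}

function Find-UnencryptedVpnEntry {
    # Parses phonebook text: "[Entry name]" sections followed by Key=Value lines.
    # Assumption: DataEncryption=0 is how "no encryption allowed" is stored.
    param([string[]]$Lines, [string]$Source)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            $entry = $Matches[1]
        } elseif ($entry -and ($line -match '^DataEncryption=(\d+)\s*$') -and ([int]$Matches[1] -eq 0)) {
            New-Object PSObject -Property @{ Source = $Source; Entry = $entry; DataEncryption = 0 }
        }
    }
}

# Constructed sample phonebook text (hypothetical entry names) to try the parser offline.
$sample = @'
[Game VPN]
DataEncryption=0

[Office VPN]
DataEncryption=256
'@
# Only "Game VPN" is reported; the nonzero value is not flagged.
Find-UnencryptedVpnEntry -Lines ($sample -split '\r?\n') -Source 'constructed sample' | Format-List

# Live checks on the machine the script runs on.
Get-ProhibitIpSecState | Format-List
$relative = 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
foreach ($root in @($env:APPDATA, $env:ProgramData)) {
    $path = Join-Path $root $relative
    if (Test-Path $path) {
        Find-UnencryptedVpnEntry -Lines (Get-Content $path) -Source $path | Format-List
    }
}
```

Because the article sets the registry value on both the client and the server, run the check on both; once the game setup is no longer needed, deleting the value and restarting restores the default behaviour.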

 

Supplement

If the connection still fails after the above settings, check whether the mapping for the corresponding service is enabled on the server's router. This is the router configuration interface on my side.

If the connection still fails, I cannot help. Take my classmate: in his multi-layer intranet environment, I never succeeded in using his computer as a server. Although he claimed that he had done all the router configuration and set up DMZ penetration on every router, I could not connect.

 

Summary and questions

I first learned about VPN back in the WIN2003 days. I remember that the environment then was dual-NIC. This is the first time I have used it on WIN7. It is easier to configure than on WIN2003, and only one NIC is used, but many of the earlier configuration options cannot be found. If there is something wrong, please point it out.

I tested several connection methods. Only L2TP/IPSec was configured successfully, in the way described here. Since the purpose is just playing LAN games with a classmate, I did not go as far as issuing certificates; after all, that is too troublesome. All the settings above serve to remove the various security measures applied while the connection is established. Although I found a pre-shared key method alongside the certificate method in the client settings of the VPN connection in WIN7, the configuration interface on the server is too different from that of WIN2003, and I could not find the pre-shared key configuration page at all. If any of you know where the pre-shared key configuration page is, please let me know.

 
